aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--packages/squid.xml25
1 files changed, 20 insertions, 5 deletions
diff --git a/packages/squid.xml b/packages/squid.xml
index 6a5bebda..36ae5cc9 100644
--- a/packages/squid.xml
+++ b/packages/squid.xml
@@ -9,12 +9,27 @@
<custom_php_install_command>
echo "&lt;pre&gt;";
system("/bin/mkdir /usr/local/etc/squid");
+ $lancfg = $config['interfaces']['lan'];
+ $lanif = $lancfg['if'];
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+ $netmask = "";
$fout = fopen("/usr/local/etc/squid/squid.conf","w");
- fwrite($fout, "http_port 127.0.0.1:3128\n");
- fwrite($fout, "http_access deny to_localhost\n");
- fwrite($fout, "acl our_networks src 10.0.0.0/8\n");
- fwrite($fout, "http_access allow our_networks\n");
- fwrite($fout, "visible_hostname insomnia.benzedrine.cx\n");
+ fwrite($fout, "# cat squid.conf\n");
+ fwrite($fout, "http_port 3128\n");
+ fwrite($fout, "icp_port 0\n");
+ fwrite($fout, "acl localnet src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl all src " . $lansa . "/" . $lansn . "\n");
+ fwrite($fout, "acl localhost src 127.0.0.1/255.255.255.255\n");
+ fwrite($fout, "acl Safe_ports port 80 443 210 119 70 21 1025-65535\n");
+ fwrite($fout, "acl CONNECT method CONNECT\n");
+ fwrite($fout, "http_access allow localnet\n");
+ fwrite($fout, "http_access allow localhost\n");
+ fwrite($fout, "http_access deny !Safe_ports\n");
+ fwrite($fout, "http_access deny CONNECT\n");
+ fwrite($fout, "http_access deny all\n");
+ fwrite($fout, "visible_hostname pfSense\n");
fwrite($fout, "httpd_accel_host virtual\n");
fwrite($fout, "httpd_accel_port 80\n");
fwrite($fout, "httpd_accel_with_proxy on\n");